Network Attack Detection at Flow Level [chapter]

Aleksey A. Galtsev, Andrei M. Sukhov
2011 Lecture Notes in Computer Science  
In this paper, we propose a new method for detecting unauthorized network intrusions, based on a traffic flow model and the application of the Cisco NetFlow protocol. The method allows us not only to detect the most common types of network attack (DDoS and port scanning), but also to compile a list of the trespassers' IP addresses. It can therefore be applied in intrusion detection systems and in systems which lock these IP addresses.
doi:10.1007/978-3-642-22875-9_30 fatcat:hck5nwvgpbdv3keclu4v2w2i3u